Static task: static1
Behavioral task: behavioral1
  Sample: th123.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: th123.exe
  Resource: win10v2004-20230703-en
General
Target: th123.exe
Size: 4.6MB
MD5: df35d1fbc7b583317adabe8cd9f53b2e
SHA1: fa273e6a064497c5ab6a2f1a065d27a49cbe4cac
SHA256: f0db93660ceb8635a1921e0ba4686fcfbd5c492311dee6ef7061b7bada16731e
SHA512: 495a37a9877fe3a54eb177cac7aec96b4851a411496fefd5ab6edb749b6d5c13b15b14f44524e6467ef6b1d70b966b80a9064eb95783d97a1d07d3df0543e62a
SSDEEP: 49152:fPe3dm4UNUBB3itiEluL7M56Dbaiy2lTKh6ufrKGDYvLP0UsTQjgq:ZNUBB3it+LQ5oaiHTTNGdUSq
Malware Config
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  resource: th123.exe
Files
-
th123.exe.exe windows x86
4d391f1745d219adc5207bcb5c75fdf0
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetCurrentDirectoryA
GetModuleFileNameA
GetLastError
CreateMutexA
SetEvent
MoveFileA
CopyFileA
DeleteFileA
GetFileAttributesA
CreateDirectoryA
FindFirstFileA
FindNextFileA
FindClose
InterlockedCompareExchange
GetStringTypeExA
SetEnvironmentVariableA
WriteFile
GetFileSize
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
GetUserDefaultLCID
SetFilePointer
ReadFile
CreateFileA
WaitForSingleObject
CloseHandle
CreateEventA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
LoadLibraryA
InterlockedExchange
FreeLibrary
GetConsoleMode
GetConsoleCP
SetStdHandle
LCMapStringW
LCMapStringA
MultiByteToWideChar
VirtualAlloc
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
GetVersionExA
TryEnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GlobalLock
GlobalUnlock
GetPrivateProfileStringA
GetCurrentDirectoryA
GetPrivateProfileIntA
SetThreadPriority
GetExitCodeThread
CreateThread
ExitProcess
lstrlenA
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetSystemTimeAsFileTime
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
HeapReAlloc
GetProcAddress
GetModuleHandleA
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WideCharToMultiByte
GetTimeZoneInformation
Sleep
HeapSize
FreeEnvironmentStringsA
user32
wsprintfA
UpdateWindow
ShowWindow
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadStringA
SetWindowPos
GetWindowInfo
GetWindowLongA
GetDC
ReleaseDC
ToAscii
GetWindowRect
GetClipboardData
CloseClipboard
OpenClipboard
GetMessageA
ShowCursor
SetWindowTextA
PeekMessageA
DefWindowProcA
DispatchMessageA
PostQuitMessage
TranslateMessage
LoadImageA
LoadIconA
GetSystemMetrics
SendMessageA
SetRect
MessageBoxA
gdi32
DeleteObject
SelectObject
GetStockObject
CreateFontA
GetTextMetricsA
GetGlyphOutlineA
ole32
CoInitialize
CoUninitialize
CoCreateInstance
winmm
timeBeginPeriod
timeGetTime
imm32
ImmGetContext
ImmReleaseContext
ImmGetCompositionStringA
ImmSetCandidateWindow
d3dx9_33
D3DXCreateEffect
D3DXVec2Hermite
D3DXCreateTexture
D3DXVec2Normalize
d3d9
Direct3DCreate9
ws2_32
htons
WSACleanup
WSAGetLastError
WSAStartup
htonl
gethostbyname
bind
recvfrom
shutdown
socket
closesocket
sendto
ntohs
inet_addr
imagehlp
MakeSureDirectoryPathExists
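Added example, not part of the Triage report: a small rule set that turns the import table above into triage findings. A single import rarely means much; the useful signal is the combination (CreateMutexA together with GetLastError is the single-instance guard idiom, socket/sendto/recvfrom with no connect/send/recv means UDP-only traffic, LoadLibraryA plus GetProcAddress means the static list may be incomplete). The sample input is transcribed from this report's import section; the rule names and descriptions are this example's own.

```python
"""Capability triage over a static import table: combine imported APIs into the
findings a reviewer would otherwise derive by hand from the list above."""

# Subset of the report's imports that the rules consult (transcribed from the page).
TH123_IMPORTS = {
    "kernel32": {"CreateMutexA", "GetLastError", "FindFirstFileA", "FindNextFileA", "FindClose",
                 "GetPrivateProfileStringA", "GetPrivateProfileIntA", "LoadLibraryA",
                 "GetProcAddress", "IsDebuggerPresent", "CreateThread", "CreateFileA",
                 "ReadFile", "WriteFile", "CopyFileA", "MoveFileA", "DeleteFileA"},
    "user32": {"CreateWindowExA", "GetMessageA", "ToAscii", "OpenClipboard",
               "GetClipboardData", "CloseClipboard"},
    "ws2_32": {"WSAStartup", "socket", "bind", "sendto", "recvfrom", "gethostbyname",
               "inet_addr", "closesocket", "shutdown"},
    "d3d9": {"Direct3DCreate9"},
    "d3dx9_33": {"D3DXCreateEffect", "D3DXCreateTexture"},
}

# Stream-oriented Winsock calls; their absence next to sendto/recvfrom implies UDP only.
TCP_ONLY = {"connect", "send", "recv", "listen", "accept"}

# (finding key, dll, all of these APIs must be present, description)
RULES = [
    ("dns_resolution", "ws2_32", {"gethostbyname"}, "resolves hostnames"),
    ("single_instance_mutex", "kernel32", {"CreateMutexA", "GetLastError"},
     "CreateMutex + GetLastError: single-instance guard idiom (ERROR_ALREADY_EXISTS)"),
    ("directory_walk", "kernel32", {"FindFirstFileA", "FindNextFileA", "FindClose"},
     "enumerates directories"),
    ("file_modify", "kernel32", {"CreateFileA", "WriteFile", "DeleteFileA"},
     "creates, writes and deletes files"),
    ("ini_config", "kernel32", {"GetPrivateProfileStringA"},
     "reads INI-style configuration"),
    ("clipboard_read", "user32", {"OpenClipboard", "GetClipboardData"},
     "reads clipboard contents"),
    ("dynamic_api_resolution", "kernel32", {"LoadLibraryA", "GetProcAddress"},
     "resolves APIs at runtime: the static import list may be incomplete"),
    ("isdebuggerpresent", "kernel32", {"IsDebuggerPresent"},
     "IsDebuggerPresent is imported (also emitted by the MSVC CRT; weak on its own)"),
    ("direct3d9", "d3d9", {"Direct3DCreate9"}, "Direct3D 9 rendering: GUI/game-style program"),
]


def triage_imports(imports):
    """Return {finding_key: (description, [evidence 'dll!Func', ...])}."""
    imports = {dll.lower(): set(funcs) for dll, funcs in imports.items()}
    out = {}
    for key, dll, required, text in RULES:
        if required <= imports.get(dll, set()):
            out[key] = (text, sorted("%s!%s" % (dll, f) for f in required))
    # The socket rule needs negative evidence, so it is not a plain subset check.
    ws = imports.get("ws2_32", set())
    if {"socket", "sendto", "recvfrom"} <= ws:
        tcp = ws & TCP_ONLY
        if tcp:
            out["mixed_sockets"] = ("TCP and UDP socket I/O",
                                    sorted("ws2_32!%s" % f for f in tcp))
        else:
            out["udp_only_sockets"] = ("UDP-only socket I/O (sendto/recvfrom, no connect/send/recv)",
                                       ["ws2_32!socket", "ws2_32!sendto", "ws2_32!recvfrom"])
    return out


if __name__ == "__main__":
    for key, (text, evidence) in triage_imports(TH123_IMPORTS).items():
        print("%-24s %s" % (key, text))
        print("%-24s   %s" % ("", ", ".join(evidence)))
```

Run against the transcribed table this reports UDP-only networking, hostname resolution, a single-instance mutex, clipboard access and runtime API resolution; the last finding is the reminder that a static import list is a lower bound on what the binary can call.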
Sections
.text Size: 4.3MB - Virtual size: 4.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 172KB - Virtual size: 171KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 84KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ